Comments

From: Pablo Neira Ayuso <pablo@netfilter.org>

This patch allows you to include the conntrack information together
with the packet that is sent to user-space via NFQUEUE.

Previously, there was no integration between ctnetlink and
nfnetlink_queue. If you wanted to access conntrack information
from your libnetfilter_queue program, you were required to query
ctnetlink from user-space to obtain it, thus delaying the packet
processing even more.

Including the conntrack information is optional; you can set it
via the NFQA_CFG_F_CONNTRACK flag with the new NFQA_CFG_FLAGS attribute.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/linux/netfilter.h | 10 ++
include/linux/netfilter/nfnetlink_queue.h | 3 +
net/netfilter/core.c | 4 +
net/netfilter/nf_conntrack_netlink.c | 144 ++++++++++++++++++++++++++++-
net/netfilter/nfnetlink_queue.c | 48 ++++++++++
5 files changed, 208 insertions(+), 1 deletion(-)